diff options
| -rw-r--r-- | configuration.nix | 52 | ||||
| -rw-r--r-- | ipfs.nix | 51 |
2 files changed, 58 insertions, 45 deletions
diff --git a/configuration.nix b/configuration.nix index c68d76b..9e00c0a 100644 --- a/configuration.nix +++ b/configuration.nix @@ -20,8 +20,9 @@ in { } "${config.services.nginx.virtualHosts.${domain}.root}/~"; imports = [ - ./vpsadminos.nix + ./ipfs.nix ./matrix.nix + ./vpsadminos.nix ]; networking = { @@ -46,18 +47,6 @@ in { security = { acme = { acceptTerms = true; - certs.${domain} = { - credentialsFile = pkgs.writeText "namesilo.env" '' - NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key - NAMESILO_PROPAGATION_TIMEOUT=1800 - ''; - dnsProvider = "namesilo"; - extraDomainNames = [ - "*.ipfs.${domain}" - "*.ipns.${domain}" - ]; - webroot = null; - }; defaults.email = "mcsinyx@disroot.org"; }; @@ -69,18 +58,6 @@ in { }; services = { - ipfs = { - enable = true; - enableGC = true; - extraConfig.GateWay = { - NoFetch = true; - PublicGateways.${domain} = { - Paths = [ "/ipfs" "/ipns" ]; - UseSubdomains = true; - }; - }; - }; - molly-brown = { certPath = "${certs.directory}/cert.pem"; docBase = "/var/lib/gemini/${domain}"; @@ -89,28 +66,13 @@ in { keyPath = "${certs.directory}/key.pem"; }; - nginx = let - ipfsGateway = "http://localhost:8080"; - ipfsProxy = { - forceSSL = true; - locations."/".proxyPass = ipfsGateway; - useACMEHost = domain; - }; - in { + nginx = { enable = true; recommendedProxySettings = true; - virtualHosts = { - "${domain}" = { - enableACME = true; - forceSSL = true; - locations = { - "/ipfs".proxyPass = ipfsGateway; - "/ipns".proxyPass = ipfsGateway; - }; - root = "/var/lib/www/${domain}"; - }; - "*.ipfs.${domain}" = ipfsProxy; - "*.ipns.${domain}" = ipfsProxy; + virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; + root = "/var/lib/www/${domain}"; }; }; diff --git a/ipfs.nix b/ipfs.nix new file mode 100644 index 0000000..a2bf6a3 --- /dev/null +++ b/ipfs.nix @@ -0,0 +1,51 @@ +{ config, pkgs, ... }: +let domain = config.networking.domain; +in { + security.acme.certs.${domain} = { + credentialsFile = pkgs.writeText "namesilo.env" '' + NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key + NAMESILO_PROPAGATION_TIMEOUT=1800 + ''; + dnsProvider = "namesilo"; + extraDomainNames = [ + "*.ipfs.${domain}" + "*.ipns.${domain}" + ]; + webroot = null; + }; + + services = { + ipfs = { + enable = true; + enableGC = true; + extraConfig.GateWay = { + NoFetch = true; + PublicGateways.${domain} = { + Paths = [ "/ipfs" "/ipns" ]; + UseSubdomains = true; + }; + }; + }; + + nginx.virtualHosts = let + ipfsGateway = "http://localhost:8080"; + ipfsProxy = { + forceSSL = true; + locations."/".proxyPass = ipfsGateway; + useACMEHost = domain; + }; + in { + "${domain}".locations = { + "/ipfs".proxyPass = ipfsGateway; + "/ipns".proxyPass = ipfsGateway; + }; + "*.ipfs.${domain}" = ipfsProxy; + "*.ipns.${domain}" = ipfsProxy; + "ipwhl.${domain}" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = ipfsGateway; + }; + }; + }; +} |